Changes in 1.2:

Per Andrew Arnott's suggestion, the starter kit now uses the DotNetOpenId library rather than the code previously used (which was created by Mads Kristensen). This gives us a more robust and secure implementation that will develop and improve independently of this project.

All actions that previously expected a username in the route now expect the user's ProviderUserKey (a Guid) instead. This was done because users with OpenID urls as their username could not previously be accessed.

"Whitelist support" has been added to the OpenID implementation, allowing you to setup regular expressions that dictate which OpenID providers are allowed to be used when logging into your site. By default there is no whitelist, so all providers are allowed.

The starter kit now offers greater control over which authentication scenarios your site supports and which is the default. Out-of-the-box only FormsAuthentication is enabled and is obviously the default.